ACE Routed / One-ARM Design

Answered Question
Aug 5th, 2010

This question is on ACE 4710 design, specifically the NAT statement often used on the server VLAN interfaces. What is the maximum number of connections to a group of servers I can get using only a single NAT address? Is it ~65000, i.e. the number of ethereal ports available? Do I need to use multiple addresses if I expect more than 65000 connections on a VIP?


interface vlan x
  description server vlan
  ip address xx.xx.xx.20 255.255.255.224
  access-group input ACL1
  access-group output ACL1
  nat-pool 1 xx.xx.xx.1 xx.xx.xx.1 netmask 255.255.255.224 pat
  service-policy input remote-mgmt
  service-policy input CLIENT-VIPS
  no shutdown

Overall Rating: 5 (1 ratings)
Correct Answer
rocash Thu, 08/05/2010 - 13:02
User Badges: Cisco Employee

The ACE provides 64 K minus 1 K ports for each IP address for PAT. Ports 0 through 1024 are reserved and cannot be used for PAT. Therefore a nat-pool with a single IP address will support ~63K simultaneous translations. See:


http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/nat.html



You can check the current port translations being performed by the ACE-4710 using the "show xlate" command, which is documented here:


http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_x/command/reference/execmds.html#wp1703221
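
The following is an added example, not part of the answer above or of Cisco's documentation: it sizes a PAT pool from the per-address port budget the answer gives and counts translations per pool address from saved "show xlate" output. The line format matched by the pattern is an assumption, and the sample input uses constructed documentation addresses.

```python
import math
import re
from collections import Counter

# Per the answer: ports 0 through 1024 are reserved, so PAT can use 1025-65535.
USABLE_PORTS_PER_IP = 65535 - 1024  # 64511, the "~63K" figure

# ASSUMED shape of a PAT entry in "show xlate" output; adjust the pattern
# to whatever your ACE software version actually prints.
PAT_LINE = re.compile(
    r"^(?P<proto>TCP|UDP) PAT from \S+:(?P<real>[\d.]+)/(?P<rport>\d+) "
    r"to \S+:(?P<mapped>[\d.]+)/(?P<mport>\d+)$"
)

def addresses_needed(peak_translations):
    """Number of PAT addresses the nat-pool range must span for a given peak."""
    return max(1, math.ceil(peak_translations / USABLE_PORTS_PER_IP))

def pat_usage(xlate_text):
    """Count active PAT translations per translated (pool) address."""
    usage = Counter()
    for line in xlate_text.splitlines():
        m = PAT_LINE.match(line.strip())
        if m:  # static NAT entries, headers and blank lines are skipped
            usage[m.group("mapped")] += 1
    return usage

def near_exhaustion(usage, threshold=0.8):
    """Pool addresses whose port usage is at or above the threshold."""
    return sorted(ip for ip, n in usage.items()
                  if n / USABLE_PORTS_PER_IP >= threshold)

# Constructed sample, not captured from a device.
SAMPLE = """\
TCP PAT from vlan10:198.51.100.7/51515 to vlan20:192.0.2.1/1025
TCP PAT from vlan10:198.51.100.8/40022 to vlan20:192.0.2.1/1026
NAT from vlan10:198.51.100.9 to vlan20:192.0.2.9
TCP PAT from vlan10:198.51.100.7/51516 to vlan20:192.0.2.2/1025
"""

if __name__ == "__main__":
    for ip, n in sorted(pat_usage(SAMPLE).items()):
        print(f"{ip}: {n}/{USABLE_PORTS_PER_IP} ports in use")
    print("addresses for 150000 peak translations:", addresses_needed(150000))
    print("near exhaustion:", near_exhaustion(pat_usage(SAMPLE)))
```

Alerting at a threshold below 100% gives time to widen the nat-pool address range before new connections start failing for lack of a free port.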
